Re: [Tails-dev] [Secure Desktops] Tails' MAC 'leak preventio…

Author: Marek Marczykowski-Górecki
Date:  
To: Patrick Schleizer
CC: desktops, The Tails public development discussion list, Whonix-devel
Subject: Re: [Tails-dev] [Secure Desktops] Tails' MAC 'leak prevention' question
On Wed, Nov 25, 2015 at 11:09:32PM +0000, Patrick Schleizer wrote:
> I understand Tails' MAC 'leak prevention' [1] [2] as this... Without
> 'leak prevention', things would happen like this:
>
> a)
>
> 1) system boots
> 2) kernel module loaded
> 3) MAC leaked
> 4) macchanger started
> 5) MAC changed
> 6) NetworkManager started
>
> So the MAC leaked even before NetworkManager, before the interface
> has been uped, before macchanger may have had a chance to change it.


Can someone point to some reference for this? I think the network interface
sends absolutely nothing when it isn't uped.

> Therefore Tails does as this:
>
> b)
>
> 1) system boots with kernel modules blacklisted
> 2) user makes decision [to spoof MAC]
> 3) MAC changed
> 4) kernel module loaded
> 5) NetworkManager started
>
> But if their hypothesis was true... They still have a small window
> between tails-unblock-network, service network-manager start and macchanger.
>
> Can the MAC be changed without having the kernel module loaded?
> - if yes -> great
> - if no -> then there would be room for MAC leaks like in a), right?


I think it's not. There is no network interface then, so nothing that
could be passed to macchanger.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
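
An added example, not part of the original message or of Tails' code: one way to check the ordering discussed in the thread is to read Linux sysfs and flag any interface that is administratively up without a userspace-set MAC. It assumes the standard `flags` and `addr_assign_type` attributes under `/sys/class/net/<if>/`; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

IFF_UP = 0x1        # IFF_UP bit in /sys/class/net/<if>/flags
NET_ADDR_SET = 3    # addr_assign_type value after userspace sets the MAC


def read_attr(base, attr):
    with open(os.path.join(base, attr)) as fh:
        return fh.read().strip()


def audit_interfaces(sysfs_net="/sys/class/net"):
    """Map each non-loopback interface to 'down', 'up-spoofed' or 'up-unchanged-mac'."""
    report = {}
    for name in sorted(os.listdir(sysfs_net)):
        base = os.path.join(sysfs_net, name)
        if name == "lo":
            continue
        try:
            flags = int(read_attr(base, "flags"), 16)
            assign = int(read_attr(base, "addr_assign_type"))
        except (OSError, ValueError):
            continue  # not an interface directory (e.g. bonding_masters)
        if not flags & IFF_UP:
            report[name] = "down"
        elif assign == NET_ADDR_SET:
            report[name] = "up-spoofed"
        else:
            report[name] = "up-unchanged-mac"
    return report


def make_sample_tree():
    """Constructed sysfs-like tree: eth0 down, wlan0 up+spoofed, eth1 up+unchanged."""
    root = tempfile.mkdtemp()
    sample = {"eth0": ("0x1002", "0"), "wlan0": ("0x1003", "3"), "eth1": ("0x1003", "0")}
    for name, (flags, assign) in sample.items():
        os.makedirs(os.path.join(root, name))
        for attr, value in (("flags", flags), ("addr_assign_type", assign)):
            with open(os.path.join(root, name, attr), "w") as fh:
                fh.write(value + "\n")
    return root


if __name__ == "__main__":
    for ifname, status in audit_interfaces().items():
        print(ifname, status)
```

An empty result corresponds to step 1 of scenario b): with the driver modules blacklisted there is no interface entry at all.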